UNIT-III: UNIX SCRIPTS

(Write and Manage Unix Scripts, Secure Systems

and Application Logs)

Dr. Kefa, M

Department of Informatics
Institute of Accounts Arusha, Arusha-Tanzania

June 20, 2023

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Contents

I Write Unix Scripts

I Manage Unix Scripts
I Secure Systems and Application Logs

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
UNIX SHELL SCRIPTING
I Defn.
A shell script is a computer program designed to be run by
the Unix/Linux shell.
A shell script could be one of the following shells:
1. The Bourne Shell ($)
2. The C Shell (%)
3. The Korn Shell
4. The GNU Bourne-Again Shell
I A shell is a command-line interpreter and typical operations
performed by shell scripts include file manipulation, program
execution, and printing text.
I NOTE: The shell is a real programming language, complete
with variables, control structures, and so forth.
Shell script execute commands sequentially.
A Shell provides an interface to the Unix system. It gathers
input from users and executes programs based on that input.
When a program finishes executing, it displays the o/p.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
SHELL SCRIPTING

I Shell is an environment in which we can run our commands,

programs, and shell scripts.
I Each type of shell has its own set of recognized commands
and functions.e.g., $ known as shell prompt
I Shell Prompt ($):
is called the command prompt, is issued by the shell. While
the prompt is displayed, you can type a command.
Shell reads your input after you press Enter.
It determines the command you want executed by looking at
the first word of your input.
A word is an unbroken set of characters.
Spaces and tabs separate words.
For example, type the command $ date to display the current
date. eg. $date
day Month date time year

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
SHELL SCRIPTS
I The basic concept of a shell script is a list of commands,
which are listed in the order of execution. A good shell script
will have comments, preceded by # sign, describing the steps
I Unix scripts may include:
1. Conditions
2. Loops
3. Variables and Arrays
4. Functions etc.
Shell scripts and functions are both interpreted. This means
they are not compiled.
I For example, creating a test.sh script.
Note all the scripts would have the .sh extension. Before you
add anything else to your script, you need to alert the system
that a shell script is being started. This is done using the
shebang (hash & bang) construct. For example
#!/bin/sh: This tells the system that the commands that
follow are to be executed by the Bourne shell.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Writing Simple Shell Scripts

I Save the above content and make the script executable

$ chmod +x test.sh
I Check the permission on the file:ls -al
I To execute the shell run the following command:
$ ./test.sh
Upon execution, you will receive the following result
/home/amrood index.htm unix-basic utilities.htm
unix-directories.htm test.sh unix-communication.htm
unix-environment.htm

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Variable Types

I When a shell is running, three main types of variables are

present:
1. Local Variables A local variable is a variable that is
present within the current instance of the shell. It is not
available to programs that are started by the shell. They are
set at the command prompt.
2. Environment Variables An environment variable is
available to any child process of the shell. Some programs
need environment variables in order to function correctly.
Usually, a shell script defines only those environment variables
that are needed by the programs that it runs.
3. Shell Variables A shell variable is a special variable that is
set by the shell and is required by the shell in order to
function correctly. Some of these variables are environment
variables whereas others are local variables.

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Shell Variables

I A variable is a character string to which we assign a value.

The value assigned could be a number, text, filename, device,
or any other type of data.
I A variable is nothing more than a pointer to the actual data.
The shell enables you to create, assign, and delete variables.
I RULE: The name of a variable can contain only letters (a to z
or A to Z), numbers ( 0 to 9) or the underscore character ( ).
Do not use variables which have special meaning for shells eg.
!,* or -.
I Defining Variables
variable name=variable value: eg. NAME=”XYZ”
The variable NAME is assigned a value XYZ Accessing the
values:
NAME=”XYZ” echo $NAME gives an output XYZ

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Environmental Variables)

I These variables are the part of the system and these are
created and maintained by the syatem itself. These variables
always in capital letters only.

Variable Description
PS1 this is first prompt setting
in Unix ($)
PS2 this is second prompt
setting in Unix (>)
PATH whether we are used
absolute or relative path.
HOME it stores the current root
directory.
LOGNAME it stores the login name of
the user

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
User Defined Variables)

I Variables are defined as follows:

variable name = variable value
For example:
NAME = ”sscasc” Above example defines the variable NAME
and assigns it the value ”sscasc”.
Variables of this type are called scalar variables. A scalar
variable can hold only one value at a time.
The shell enables you to store any value you want in a
variable.
For example:
VAR1=”ssczsc ”
VAR2=100
Above example defines the variable VAR1 and assigns it the
value ”sscasc” and VAR2 assigned a value 100.

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Accessing Values to Variables)
I To access the value stored in a variable, prefix its name with
the dollar sign ( $):
For example, following script would access the value of
defined variable NAME and would print it on STDOUT:
NAME=”vvfgc ”
echo $NAME
This would produce following value:
Output: vvfgc
I Read-only Variables: The shell provides a way to mark
variables as read-only by using the “read only” command.
After a variable is marked read-only, its value cannot be
changed.
For example, following script would give error while trying to
change the value of NAME:
NAME=”vvfgc ”
readonly NAME
NAME=”xyz”: op: /bin/sh: NAME:variable is read only.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Unsetting Variables

I Unsetting or deleting a variable tells the shell to remove the

variable from the list of variables that it tracks.
Once you unset a variable, you would not be able to access
stored value in the variable.
Following is the syntax to unset a defined variable using the
unset command:
unset variable name
Above command would unset the value of a defined variable.
Here is a simple example
NAME=”vvfgc”
unset NAME
echo $NAME
Above example would not print anything.

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Read Command

I Read command This command is used to take the input from

the user.
Syntax: $read var1 var2 var3 . . . .. var n
Syntax: $ read var1
The variable used along with the read command need not be
preceded by the:
echo “enter ur name”
read name
echo “hello $name”
Output: enter username :vvfgc
Hello vvfgc

Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Test Operator
I It involves arithmetic, relational and boolean operators:
Such operators include:
1. Arithmetic: add (+), subtract(-), divide, multiply(*),
Modulus(%), Equal etc. e.g., ‘expr $a % $b‘
2. Relational: equal (-eq), not equal(-nq), greater(-ge) etc.
e.g., [ $a -gt $b ]
3. Boolean Operator: eg. , -o etc
I File Test Operators:
They are used to test various properties associated with a
Unix file.
Assume a variable file holds an existing file name ”test” whose
size is 100 bytes and has read, write and execute permission
on:
1. -b file: Checks if file is a block special file if yes then [ -b
$file ] is false. condition becomes true.
2. -c file: Checks if file is a character special file if yes [ -b $file
] is false. Condition becomes true. (Check control-IF ELSE)
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Unix Scripts for Operational Security
I Since all devices in the cyber space are vulnerable to malicious
acts, it is important to check security strategies of your UNIX
system as well.
I Make sure you have non-guessable passwords for all your
accounts and particularly your administrative or root account.
Unix users can use scripts to test the strength of their
passwords before using them.
I Why do we write Unix scripts?
If you keep writing the same shell commands it may be tedious
at times and you may look for a simple way to access your
files, applications and some operations in your Unix system.
shell scripts leverages that access- that is why we need to
learn unix scripting.
However, when writing unix scripts users need to take in
account of the security features, since attackers may access
your system using the information in the scripts.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
BASH Shell Scripting
I The command used when working in Linux and the BASH
shell can also be used in shell scripting programs.
For example:
1. cd /home
2. ls -l /home > roothomedirs
3. du -s home* >> roothomedirs
4. date >> roothomedirs, etc.
Instead of executing each of these commands manually, day
after day, you can place all of the commands into a file, make
the file executable, and then run the file as a program.
The program is what we call a unix Script
Disadvantages of shell scripts:
1. It lacks some advanced programming features, such as
object-oriented programming.
2. It is often much slower than executing other languages
because each command is normally executed as a separate
process.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
BASH Shell Scripting-II
I NOTE: Scripts should never have the SUID permission set.
This permission could allow someone to hijack the script and
run commands as the owner of the script.
I Securing Bash Scripts (Unix Scripts):
BASH scripts allow you to create tools although shell script
writers do not consider security; however, hackers will make
use of existing scripts to compromise the system, so having a
security policy for BASH scripts is important.
Security Consideration in Bash Scripts:
1. Allow only authorized users to access the scripts directory.
2. Set permissions on the scripts to avoid any one else edit
the scripts.Never set SUID or SGID: A hacker who knows
BASH can take advantage by running extra commands from
the script, which could provide access to other files
qn. What is the difference btn the following permissions to
bash script? -rwxr-x— vs -rwxrwx—.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Securing BASH Shell Scripts-II
I 3. In order to execute a script, the read permission has to be
enabled for a user. This means that, unlike with most system
binary commands, a user can see everything in a BASH script.
As a result, you should have a script security policy that
requires all scripts to be free of any sensitive data (user
names, passwords, and so on).
Consider the following two Bash scripts: how do they tell
users about the script security?
Script 1.
#!/bin/bash
cd data
ls -l jan folder
rm jan folderfile1
Script 2:
usrbin/cd /data
usrbin/ls -l jan folder
usrbin/rm jan folder/file1
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Securing BASH Shell Scripts-III
I 4. User data. This data can be gathered by command-line
arguments, via user-created environment variables, or through
interaction with the user (for example, the read command).
When dealing with user data, consider the following:
a).Avoid running critical commands that are based on user
data.
For example, do not accept a value from the user and then try
to execute the passwd command using that value.
b). Do not trust that environment variables are set correctly.
Perform validity checks on all user-related data. For example,
if you are expecting a user to provide a ZIP code of five digits,
verify they provide exactly five digits.
I Consider the following shell settings in your designs:
set -u: causes your shell script to exit prematurely if an unset
variable is used. set -f: This setting causes the expansion of
wildcards to be avoided. set -e: This setting causes a script
to exit automatically if any command in the script fails.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Linux Monitoring and Logging
I Linux system user may see various logging activities in the
various layers of the system and speculate on the security
concerns:
We can see these activities on the log directory
use the syntax:
ls -al /var/log/
Different logging information will be listed including Kernel
log, authentication logs etc.
I Based on the obtained information we can easily monitor user
activities on the system.
The information include time upon which the activity took
place.
As a result security tools may report an activity and the admin
may decide to block some of the access options.
I For example we can display the information of the
authentication based logging using the syntax:
cat /var/log/ auth.log
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S
Linux Monitoring and Logging-II
I grep utility command can be used to searh for what actually
have been happening in the specific log, for example the
authentication log:
cat /var/log/auth.log kgrep − e”sshd”
cat /var/log/auth.log —grep -e ”authentication failure”
For authentication monitoring we can look at the file ”wtmp”:
cat /var/log/auth.log/wtmp To obtain readable version of the
file we can use syntax:
man last So, the exact syntaxt to display the log in datae
time and the ip address use:
last -aiF
USER LAST LOGS:
syntax: man lastlog
eg. last log -u root
I System Monitoring Commands: top, htop, glances, whowatch
eg. syntax: who
It will display who is logged in and when was the log in done.
Dr. Kefa, M UNIT-III: UNIX SCRIPTS (Write and Manage Unix Scripts, S